玖涯软件开发|java/go/python

Spring Security Pre/PostAuthorize should not ignore HandleAuthorizationDenied#handlerClass when ApplicationContext is not provided

A test like this:public class HandleTests { @Test public void test() { AuthorizationProxyFactory proxyFactor...

Spring Security Auth Manager troubles upgrading from 6.0.0-M6 to 6.0.0-RC1

SummaryI am currently on spring security 5.7.5 and working on upgrading to 6. When running with 6.0.0-M6 my app boots up...

Spring Security Consider supporting HTTP POST method and body request on OAuth2 Authorization Code Grant redirection

Expected BehaviorMany of us are working on integrating Apple login using Spring Security as a client. While struggling w...

Spring Security Consider allowing to hide UserNotFoundException in PreAuthenticatedAuthenticationProvider

I'd like to hide UsernameNotFoundException in PreAuthenticatedAuthenticationProvider as like DaoAuthenticationProvider S...

Spring Security The access to the H2 console is denied when the Spring Boot project is upgraded to Spring Security 6

Describe the bugWhen I upgraded my Spring Boot project from 2.7.7 to 3.0.1, the H2 console browser access is denied (403...

Spring Security Unexpected behavior when adding a custom authentication filter in place of UsernamePasswordAuthenticationFilter.

Describe the bugI extended the UsernamePasswordAuthenticationFilter with a filter that parses a JSON payload that contai...

Spring Security unable to build from source , i am using jdk 17.0.8 & 18 versions

at org.gradle.groovy.scripts.internal.DefaultScriptRunnerFactory$ScriptRunnerImpl.run(DefaultScriptRunnerFactory.java:91...

Spring Security Add support OAuth 2.0 Step-up Authentication Challenge Protocol

Need to add support OAuth 2.0 Step-up Authentication Challenge Protocol. Now I use custom validators on the server resou...

Spring Security Highly concurrent requests with client_credentials cause duplicate access token requests

Expected BehaviorOAuth tokens could be reused. Even if multiple requests happen concurrently.Current BehaviorIf a lot of...

Spring Security RunAsManager replacement

RunAsManager can add to or change the existing authentication for the duration of a message, a request, or a method call...

Spring Security Race condition in HeaderWriterFilter when using asynchronous processing

Describe the bugWhen using HeaderWriterFilter and asynchronous processing (e. g. a Spring MVC controller method that ret...

Spring Security Saml2: The metadata generated by the saml does not include keyinfo encryption part

Currently the sp metadata generated does not contain the encryption details present under keyinfodescriptor use="encrypt...

Spring Security Calling SecurityContextHolder.setStrategyName(strategy) breaks Spring filters

Calling SecurityContextHolder.setStrategyName(strategy) with any strategy name breaks spring filters because of code lik...

Spring Security Session Mapper in documenation, but is private inaccessible class

Hi there, The use of the Session Mapper here in the documentation:https://docs.spring.io/spring-session/reference/config...

Spring Security Instrument (Reactive)AuthorizationManager

Comment From: ShabinWhen moving from spring 5 to 6 for one of our legacy applications, the change in HttpSecurityBeanDef...

Spring Security org.springframework.security.access.AccessDeniedException: Access Denied when deployed to server. Granted Authorities=[ROLE_ANONYMOUS]]

I get some error when use trace in server look like: 2023-10-13T08:56:09.091Z TRACE 17872 --- [nio-3009-exec-1] estMatch...